thiago.santos@intel.com authored
https://bugs.webkit.org/show_bug.cgi?id=89875

Reviewed by Maciej Stachowiak.

.:

Added the bits to EFL/CMake buildsystem to find the libseccomp library.

* Source/cmake/FindLibSeccomp.cmake: Added.
* Source/cmake/OptionsEfl.cmake:
* Source/cmake/WebKitFeatures.cmake:
* Source/cmakeconfig.h.cmake:

Source/WebCore:

Make the DATA_DIR global since it is now needed for WebCore and WebKit2. It is now used to set a sandbox policy for the EFL port.

* PlatformEfl.cmake:

Source/WebKit2:

Introduce the foundations of the SeccompFilter-based sandbox.

The hardening of the WebProcess (and potentially PluginProcess, etc) works by a combination of the two things:

- Blocking syscalls that are not used, reducing the size of the attack surface.
- Trapping sensitive syscalls and delegating the execution of these syscalls to a separated trusted process subject to a set of policies.

The initial implementation traps the open()-family of syscalls on WebKit E...
0ee9d4d0
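
The trapping half of the mechanism described in the commit message, as an added example that is not WebKit's code: a raw seccomp-BPF filter returns SECCOMP_RET_TRAP for the open()-family, so the kernel raises SIGSYS instead of running the call. The names `open_is_trapped` and `on_sigsys` are hypothetical, and as simplifying assumptions the filter allows every other syscall and the handler only records the trap rather than forwarding it to a trusted process.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

static volatile sig_atomic_t trapped_nr = -1;

/* SIGSYS handler: the point where a sandbox would hand the request to its
 * trusted broker. This sketch (assumption) only records the syscall number. */
static void on_sigsys(int sig, siginfo_t *info, void *ctx) {
    (void)sig; (void)ctx;
    trapped_nr = info->si_syscall;
}

/* Returns 1 if open() in a filtered child was trapped, 0 if not, -1 on setup failure. */
int open_is_trapped(void) {
    /* Simplified: no seccomp_data.arch check; a production filter validates it first. */
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
#ifdef __NR_open   /* absent on newer ABIs such as aarch64 */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_open, 1, 0),
#endif
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_openat, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP),   /* open-family: raise SIGSYS */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),  /* everything else (sketch only) */
    };
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {   /* the filter is irreversible, so confine it to a child */
        struct sigaction sa = { .sa_sigaction = on_sigsys, .sa_flags = SA_SIGINFO };
        struct sock_fprog fprog = { .len = sizeof(prog) / sizeof(prog[0]), .filter = prog };
        if (sigaction(SIGSYS, &sa, NULL) || prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
            prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog))
            _exit(2);
        (void)open("/etc/hostname", O_RDONLY);  /* return value is arch-dependent, ignored */
        _exit(trapped_nr >= 0 ? 1 : 0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 2 ? -1 : WEXITSTATUS(status);
}

int main(void) { return open_is_trapped() == 1 ? 0 : 1; }
```
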